nephele
/
haikuwebkit
1
0
Fork 0
Code Issues Releases Activity
haikuwebkit/LayoutTests/svg/custom/unicode-in-tspan-multi-svg-...

39 lines
1.1 KiB
HTML
Raw Permalink Normal View History

Clear SVGInlineTextBox fragments when the text changes. https://bugs.webkit.org/show_bug.cgi?id=130879 Reviewed by Darin Adler. Ported from Blink: https://src.chromium.org/viewvc/blink?revision=150456&view=revision Source/WebCore: This patch modifies SVGInlineTextBox::dirtyLineBoxes to clear all following text boxes when invoked. Typically this method is called when the underlying text string changes, and that change needs to be propagated to all the boxes that use the text beyond the point where the text is first modified. Also cleans up final function keywords for SVGRootInlineBox. Test: svg/custom/unicode-in-tspan-multi-svg-crash.html * rendering/InlineTextBox.h: Added (non-recursive) dirtyOwnLineBoxes() function (WebCore::InlineTextBox::dirtyOwnLineBoxes): Calls dirtyLineBoxes() * rendering/svg/SVGInlineTextBox.h: Added (non-recursive) dirtyOwnLineBoxes() function (WebCore::SVGInlineTextBox::dirtyOwnLineBoxes): * rendering/svg/SVGInlineTextBox.cpp: (WebCore::SVGInlineTextBox::dirtyOwnLineBoxes): Non-recursive part of dirtyLineBoxes() (WebCore::SVGInlineTextBox::dirtyLineBoxes): Calls dirtyOwnLineBoxes() in a loop * rendering/svg/SVGRootInlineBox.h: LayoutTests: When failing, this test will render garbage characters or crash. * svg/custom/unicode-in-tspan-multi-svg-crash-expected.txt: Added. * svg/custom/unicode-in-tspan-multi-svg-crash.html: Added. Canonical link: https://commits.webkit.org/148936@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@166420 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2014-03-28 18:25:26 +00:00
<!DOCTYPE html>
<html>
<script>
if (window.testRunner)
testRunner.dumpAsText(false);
onload = function() {
tSpanElement = document.getElementById('tSpanInFirstRoot');
tSpanElement.appendChild(document.createTextNode(unescape('%ufe9e%ue28f%ue47e')));
document.body.offsetTop;
document.body.style.zoom=0.9;
document.designMode='on';
filterInFirstRoot = document.getElementById('filterInFirstRoot');
useElement = document.getElementById('useElement');
Align Selection API with the specification https://bugs.webkit.org/show_bug.cgi?id=160663 Reviewed by Ryosuke Niwa. Source/WebCore: Align Selection API with the specification: - https://www.w3.org/TR/selection-api/#idl-def-Selection In particular, the following changes were made: - Mark parameters as non-nullable when they should be. - Mark parameters as mandatory when they should be. - Use "unsigned long" type for offsets instead of "long". This aligns our behavior with Firefox and Chrome. Note that the Node parameters to setBaseAndExtent() operation were kept nullable, which does not match the specification. This is intentional as I worry about compatibility risk, especially considering they are still nullable in Chrome. Only Firefox marks them as non-nullable. Test: editing/selection/bad-input.html * dom/Position.h: (WebCore::Position::LegacyEditingOffset::value): (WebCore::Position::LegacyEditingOffset::LegacyEditingOffset): (WebCore::createLegacyEditingPosition): * page/DOMSelection.cpp: (WebCore::DOMSelection::anchorOffset): (WebCore::DOMSelection::focusOffset): (WebCore::DOMSelection::baseOffset): (WebCore::DOMSelection::extentOffset): (WebCore::DOMSelection::rangeCount): (WebCore::DOMSelection::collapse): (WebCore::DOMSelection::setBaseAndExtent): (WebCore::DOMSelection::setPosition): (WebCore::DOMSelection::extend): (WebCore::DOMSelection::getRangeAt): (WebCore::DOMSelection::addRange): (WebCore::DOMSelection::deleteFromDocument): (WebCore::DOMSelection::containsNode): (WebCore::DOMSelection::selectAllChildren): (WebCore::DOMSelection::shadowAdjustedOffset): (WebCore::DOMSelection::modify): Deleted. (WebCore::DOMSelection::shadowAdjustedNode): Deleted. (WebCore::DOMSelection::isValidForPosition): Deleted. * page/DOMSelection.h: * page/DOMSelection.idl: LayoutTests: * editing/selection/bad-input-expected.txt: Added. * editing/selection/bad-input.html: Added. Add new layout test to cover passing bad input to the Selection API. This new test is passing completely in Firefox and Chrome. * editing/execCommand/apply-style-text-decoration-crash.html: * editing/execCommand/applyblockelement-visiblepositionforindex-crash.html: * editing/execCommand/ident-crashes-topnode-is-text.html: * editing/execCommand/indent-pre-expected.txt: * editing/execCommand/indent-pre.html: * editing/execCommand/overtype.html: * editing/selection/containsNode-expected.txt: * editing/selection/containsNode.html: * editing/selection/move-by-line-003.html: * editing/selection/script-tests/DOMSelection-DocumentType.js: * editing/selection/script-tests/DOMSelection-crossing-document.js: (clear): * editing/selection/selection-invalid-offset-expected.txt: * fast/block/float/float-list-changed-before-layout-crash.html: * fast/dom/non-numeric-values-numeric-parameters-expected.txt: * fast/dom/script-tests/non-numeric-values-numeric-parameters.js: * fast/events/selectstart-by-arrow-keys.html: * fast/html/nav-element.html: * fast/html/script-tests/article-element.js: * fast/html/script-tests/aside-element.js: * fast/html/script-tests/footer-element.js: * fast/html/script-tests/header-element.js: * fast/html/script-tests/hgroup-element.js: * fast/html/script-tests/main-element.js: * fast/html/script-tests/section-element.js: * imported/blink/accessibility/event-on-deleted-iframe-causes-crash.html: * imported/blink/editing/apply-inline-style-to-element-with-no-renderer-crash.html: * svg/custom/unicode-in-tspan-multi-svg-crash.html: Update existing tests to use the Selection API properly. Canonical link: https://commits.webkit.org/178795@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@204263 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2016-08-08 20:30:29 +00:00
window.getSelection().setBaseAndExtent(filterInFirstRoot, 0, filterInFirstRoot, 0);
Clear SVGInlineTextBox fragments when the text changes. https://bugs.webkit.org/show_bug.cgi?id=130879 Reviewed by Darin Adler. Ported from Blink: https://src.chromium.org/viewvc/blink?revision=150456&view=revision Source/WebCore: This patch modifies SVGInlineTextBox::dirtyLineBoxes to clear all following text boxes when invoked. Typically this method is called when the underlying text string changes, and that change needs to be propagated to all the boxes that use the text beyond the point where the text is first modified. Also cleans up final function keywords for SVGRootInlineBox. Test: svg/custom/unicode-in-tspan-multi-svg-crash.html * rendering/InlineTextBox.h: Added (non-recursive) dirtyOwnLineBoxes() function (WebCore::InlineTextBox::dirtyOwnLineBoxes): Calls dirtyLineBoxes() * rendering/svg/SVGInlineTextBox.h: Added (non-recursive) dirtyOwnLineBoxes() function (WebCore::SVGInlineTextBox::dirtyOwnLineBoxes): * rendering/svg/SVGInlineTextBox.cpp: (WebCore::SVGInlineTextBox::dirtyOwnLineBoxes): Non-recursive part of dirtyLineBoxes() (WebCore::SVGInlineTextBox::dirtyLineBoxes): Calls dirtyOwnLineBoxes() in a loop * rendering/svg/SVGRootInlineBox.h: LayoutTests: When failing, this test will render garbage characters or crash. * svg/custom/unicode-in-tspan-multi-svg-crash-expected.txt: Added. * svg/custom/unicode-in-tspan-multi-svg-crash.html: Added. Canonical link: https://commits.webkit.org/148936@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@166420 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2014-03-28 18:25:26 +00:00
document.execCommand('ForwardDelete');
document.designMode='off';
}
</script>
<body>
<svg xmlns="http://www.w3.org/2000/svg">
<text>
<filter id="filterInFirstRoot"/>
<tspan id="tSpanInFirstRoot"/>
</text>
<path filter="url(#filterInSecondRoot)"/>
</svg>
<svg xmlns="http://www.w3.org/2000/svg">
<use id="useElement"/>
<filter id="filterInSecondRoot"/>
</svg>
A crash reproducible in Path::isEmpty() under RenderSVGShape::paint() https://bugs.webkit.org/show_bug.cgi?id=149613 Patch by Said Abou-Hallawa <sabouhallawa@apple.com> on 2016-01-21 Reviewed by Darin Adler. Source/WebCore: When RenderSVGRoot::layout() realizes its layout size has changed and it has resources which have relative sizes, it marks all the clients of the resources for invalidates regardless whether they belong to the same RenderSVGRoot or not. But it reruns the layout only for its children. If one of these clients comes before the current RenderSVGRoot in the render tree, ee end up having renderer marked for invalidation at rendering time. This also prevents scheduling the layout if the same renderer is marked for another invalidation later. We prevent this because we do not want to schedule another layout for a renderer which is already marked for invalidation. This can cause crash if the renderer is an RenderSVGPath. The fix is to mark "only" the clients of a resource which belong to the same RenderSVGRoot of the resource. Also we need to run the layout for all the resources which belong to different RenderSVGRoots before running the layout for an SVG renderer. Tests: svg/custom/filter-update-different-root.html svg/custom/pattern-update-different-root.html * rendering/svg/RenderSVGResourceContainer.cpp: (WebCore::RenderSVGResourceContainer::markAllClientsForInvalidation): We should not mark any client outside the current root for invalidation * rendering/svg/RenderSVGResourceContainer.h: Remove unneeded private keyword. * rendering/svg/RenderSVGRoot.cpp: (WebCore::RenderSVGRoot::addResourceForClientInvalidation): Code clean up; use findTreeRootObject() instead of repeating the same code. * rendering/svg/RenderSVGShape.cpp: (WebCore::RenderSVGShape::isEmpty): Avoid crashing if RenderSVGShape::isEmpty() is called before calling RenderSVGShape::layout(). * rendering/svg/RenderSVGText.cpp: (WebCore::RenderSVGText::layout): findTreeRootObject() now returns a pointer. * rendering/svg/SVGRenderSupport.cpp: (WebCore::SVGRenderSupport::findTreeRootObject): I do think nothing guarantees that an SVG renderer has to have an RenderSVGRoot in its ancestors. So change this function to return a pointer. Also Provide the non-const version of this function. (WebCore::SVGRenderSupport::layoutDifferentRootIfNeeded): Runs the layout if needed for all the resources which belong to different RenderSVGRoots. (WebCore::SVGRenderSupport::layoutChildren): Make sure all the renderer's resources which belong to different RenderSVGRoots are laid out before running the layout for this renderer. * rendering/svg/SVGRenderSupport.h: Remove a mysterious comment. * rendering/svg/SVGResources.cpp: (WebCore::SVGResources::layoutDifferentRootIfNeeded): Run the layout for all the resources which belong to different RenderSVGRoots outside the context of their RenderSVGRoots. * rendering/svg/SVGResources.h: (WebCore::SVGResources::clipper): (WebCore::SVGResources::markerStart): (WebCore::SVGResources::markerMid): (WebCore::SVGResources::markerEnd): (WebCore::SVGResources::masker): (WebCore::SVGResources::filter): (WebCore::SVGResources::fill): (WebCore::SVGResources::stroke): Code clean up; use nullptr instead of 0. LayoutTests: When running the layout of an SVG root and it has resources which are referenced by clients in other SVG roots, make sure we run the layout for these resources before running the layout for their clients. * svg/custom/filter-update-different-root-expected.html: Added. * svg/custom/filter-update-different-root.html: Added. Without this patch this test crashes because we paint a dirty RenderSVGShape. * svg/custom/pattern-update-different-root-expected.html: Added. * svg/custom/pattern-update-different-root.html: Added. Without this patch this test works fine but it is good to have it to catch cases where the SVG root needs to run re-layout for its children resources and hence their clients if its size has changed. * svg/custom/unicode-in-tspan-multi-svg-crash-expected.txt: * svg/custom/unicode-in-tspan-multi-svg-crash.html: This test was ported from Blink in http://trac.webkit.org/changeset/166420. The expectation of this test was changed in Blink: https://src.chromium.org/viewvc/blink?revision=158480&view=revision. Canonical link: https://commits.webkit.org/171382@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195411 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2016-01-21 17:50:26 +00:00
<p>Test Passes if there is no crash in Debug or Asan builds.</p>
Clear SVGInlineTextBox fragments when the text changes. https://bugs.webkit.org/show_bug.cgi?id=130879 Reviewed by Darin Adler. Ported from Blink: https://src.chromium.org/viewvc/blink?revision=150456&view=revision Source/WebCore: This patch modifies SVGInlineTextBox::dirtyLineBoxes to clear all following text boxes when invoked. Typically this method is called when the underlying text string changes, and that change needs to be propagated to all the boxes that use the text beyond the point where the text is first modified. Also cleans up final function keywords for SVGRootInlineBox. Test: svg/custom/unicode-in-tspan-multi-svg-crash.html * rendering/InlineTextBox.h: Added (non-recursive) dirtyOwnLineBoxes() function (WebCore::InlineTextBox::dirtyOwnLineBoxes): Calls dirtyLineBoxes() * rendering/svg/SVGInlineTextBox.h: Added (non-recursive) dirtyOwnLineBoxes() function (WebCore::SVGInlineTextBox::dirtyOwnLineBoxes): * rendering/svg/SVGInlineTextBox.cpp: (WebCore::SVGInlineTextBox::dirtyOwnLineBoxes): Non-recursive part of dirtyLineBoxes() (WebCore::SVGInlineTextBox::dirtyLineBoxes): Calls dirtyOwnLineBoxes() in a loop * rendering/svg/SVGRootInlineBox.h: LayoutTests: When failing, this test will render garbage characters or crash. * svg/custom/unicode-in-tspan-multi-svg-crash-expected.txt: Added. * svg/custom/unicode-in-tspan-multi-svg-crash.html: Added. Canonical link: https://commits.webkit.org/148936@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@166420 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2014-03-28 18:25:26 +00:00
</body>
</html>